Re: [Declude.JunkMail] revdns
the dns servers are 208.13.150.92 and 208.13.150.91 set in imail... On Sat, 2003-01-11 at 11:45, R. Scott Perry wrote: > > >perhaps it's too early - but I notice these being tagged as revdns > >failed ... > > > >Received: from IMGate.Mailstop7.com [208.13.150.9] by mailstop7.com with > > ESMTP (SMTPD32-7.13) id A93013FE0108; Sun, 05 Jan 2003 18:01:04 -0500 > > This is the only header that has an IP address, so this should be the one > with no reverse DNS entry. However, it does have one. Perhaps your local > DNS server is/was set up to handle the reverse DNS for that IP, but it > doesn't have an entry for it? > > If you let me know the DNS server that you are using with IMail, I can test > to see if it is properly reporting the reverse DNS for that IP. > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] revdns
perhaps it's too early - but I notice these being tagged as revdns failed - this just started a couple days ago - can someone more awake than I, help - I am off to get some coffee...the imgate machine is my postfix gateway...it is trying to send me a report that it itself is blocking due to content, as it is reporting on content rejection, and the content rejection strings are included in the report - (I know - I should fix that)...anyway...it used to come through declude okay, and as far as I can tell, has never been touched by a machine that doesn't have proper revdns . thanks, Kevin --- Received: from IMGate.Mailstop7.com [208.13.150.9] by mailstop7.com with ESMTP (SMTPD32-7.13) id A93013FE0108; Sun, 05 Jan 2003 18:01:04 -0500 Received: by IMGate.Mailstop7.com (Postfix) id E1EB81388E; Sun, 5 Jan 2003 18:01:02 -0500 (EST) Delivered-To: [EMAIL PROTECTED] Received: by IMGate.Mailstop7.com (Postfix) id 77FAB141C3; Sun, 5 Jan 2003 18:01:02 -0500 (EST) Date: 05 Jan 2003 18:01:02 -0500 From: Mail Delivery System <[EMAIL PROTECTED]> Subject: SPAM: Undelivered Mail Returned to Sender To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="1FC9F1388E.1041807662/IMGate.Mailstop7.com" Message-Id: <[EMAIL PROTECTED]> X-Note: Scanned For Junk - mailstop7.com. X-Spam-Tests-Failed: REVDNS, SNIFFER X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 322504174 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] routing suspicious
Hey all, Don't know who may be in the imgate list as well, but I notice everything from there (and Len) is flagged for routing problems - anyone know how to ignore his routing only? Thanks Kevin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] whitelisting
now this is odd - and I must be real stupid so bear with me...if I whitelist the address that attaches to my mail server as below the rest of the message gets skipped - so my customers who I've told they can forward mail into this system, and it will catch spam are in trouble... i.e. [EMAIL PROTECTED] wants to block spam 2.they also have a [EMAIL PROTECTED] 3.I tell them they can forward mail to [EMAIL PROTECTED] from that maine.rr.com account and it will mark spam. 4.Things are working dandy... 5.spamcop gets wind of a spam that seems to increminate a server in the roadrunner system - one in NYC. 6.spamcop starts hitting in that server using the HOPS we have 7.suddenly all mail forwarded through maine.rr.com is tagged as spam. 8.I whitelist the IP that touches our server and suddenly all mail from maine.rr.com is never spam. Is there any way to just IGNORE IP 24.29.99.40 in the hops check and continue down the hops / without breaking something else... FYI the dirty server is in NYC or someplace, and appears to be a sorting gatway for roadrunner in the NE area - it's IP is 24.29.99.40. the server in Maine that delivers the mail is 24.93.159.132 - clean. thanks, Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, May 02, 2002 10:39 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] whitelisting >okay - but it is the 24.29.99.40 I am trying to whitelist...spamcop is >marking it, but I don't want it to get tagged I put the WHITELIST IP >24.29.99.40 in global.cfg but it still tags it - That's because the "WHITELIST IP" only works with the IP address of the remote mailserver (the one connecting to yours), not other mailservers that may have handled the E-mail. >... or do I whitelist the one above it, so the rest of the chain gets skipped? That's exactly what I would recommend. >The one above it (24.93.159.132) would >handle the majority of the problem, but if I get some legit email that >touches this gateway ip (24.29.99.40) without hitting 24.93.159.132 I would >still want the mail... Unfortunately, there isn't a way to handle that situation (whitelist an IP other than the one that connects directly to yours). However, legitimate E-mail leaving 24.29.99.40 should always take the same path to your server (unless 24.29.99.40 gets changed to use a gateway, or some other configuration change). > -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] whitelisting
okay - but it is the 24.29.99.40 I am trying to whitelist...spamcop is marking it, but I don't want it to get tagged I put the WHITELIST IP 24.29.99.40 in global.cfg but it still tags it - all the other ip's in the headers are clear according to spamcop, and the one above is dirty. so will it whitelist the hops down the chain or do I whitelist the one above it, so the rest of the chain gets skipped? The one above it (24.93.159.132) would handle the majority of the problem, but if I get some legit email that touches this gateway ip (24.29.99.40) without hitting 24.93.159.132 I would still want the mail... sorry to be so daft. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, May 02, 2002 7:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] whitelisting >so let me get this straight I should have ignore for the imgates addresses >even though I have >HOP 1 >HOPHIGH 5 No, if you have "HOP 1", then Declude will automatically skip the first hop, no matter what it is. So in this case, Declude will scan the IP address from the second Received: header through the 6th one. If you have both "HOP 1" and an IPBYPASS line, and E-mail arrives from the IP you have listed, then Declude will start scanning on the 2nd hop. >and if so, looks like spamcop is picking up an IP that is 3 hops down in >this case(24.29.99.40). 24.93.159.132 is the second hop, and not the one >spamcop is hitting on ..and I didn't want to catch the email, I want to >ignore that one as it is a main server / gateway in the NE for rr.com >addresses. In that case, it sounds like you want to whitelist it. You can have a line: WHITELIST IP 24.93.159.132 That will make sure that E-mail coming from 24.93.159.132 is whitelisted. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] whitelisting
so let me get this straight I should have ignore for the imgates addresses even though I have HOP 1 HOPHIGH 5 and if so, looks like spamcop is picking up an IP that is 3 hops down in this case(24.29.99.40). 24.93.159.132 is the second hop, and not the one spamcop is hitting on ..and I didn't want to catch the email, I want to ignore that one as it is a main server / gateway in the NE for rr.com addresses. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, May 02, 2002 4:56 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] whitelisting >I am trying to get a whitelist working the manual says to add "whitelist ip >ip.add.re.ss" does that include quotes (can't seem to make it work - the >address could be a hop or three back - spamcop 24.29.99.40) No, if quotes are needed anywhere, it will be specified. >WHITELIST IP 24.29.99.40 >Any one know what I'm doing wrong? I do. :) >Received: from IMGate.Mailstop7.com [208.13.150.91] by mailstop7.com with >ESMTP > (SMTPD32-7.07) id A34F25840044; Thu, 02 May 2002 16:36:31 -0400 >Received: from ptldme-mls1.maine.rr.com (ptldme-mls1.maine.rr.com >[24.93.159.132]) > by IMGate.Mailstop7.com (Postfix) with ESMTP id 62F62138DA > for <[EMAIL PROTECTED]>; Thu, 2 May 2002 16:36:27 -0400 (EDT) The problem is that by default Declude JunkMail will only scan the first IP address. In this case, it's 208.13.150.91, which looks like a server of yours. In that case, Declude JunkMail will scan based on 208.13.150.91, which isn't listed in your blacklist. What you should do in this case is add a line "IPBYPASS 208.13.150.91" to the \IMail\Declude\global.cfg file. That will make sure that Declude JunkMail doesn't scan 208.13.150.91. In this case, it will scan 24.93.159.132, and should catch the E-mail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] whitelisting
I am trying to get a whitelist working the manual says to add "whitelist ip ip.add.re.ss" does that include quotes (can't seem to make it work - the address could be a hop or three back - spamcop 24.29.99.40) -- my line in global.cfg # # Below are some advanced options # WHITELIST IP 24.29.99.40 Any one know what I'm doing wrong? headers below I sent to a maine.rr.com account that is forwarded back to my server... Received: from IMGate.Mailstop7.com [208.13.150.91] by mailstop7.com with ESMTP (SMTPD32-7.07) id A34F25840044; Thu, 02 May 2002 16:36:31 -0400 Received: from ptldme-mls1.maine.rr.com (ptldme-mls1.maine.rr.com [24.93.159.132]) by IMGate.Mailstop7.com (Postfix) with ESMTP id 62F62138DA for <[EMAIL PROTECTED]>; Thu, 2 May 2002 16:36:27 -0400 (EDT) Received: from nycmx01.mgw.rr.com ([24.29.99.40])<-THIS ONE FAILS SPAMCOP by ptldme-mls1.maine.rr.com (Post.Office MTA v3.5.3 release 223 ID# 0-59787U25L25S0V35) with ESMTP id com for <[EMAIL PROTECTED]>; Thu, 2 May 2002 16:36:07 -0400 Received: from IMGate.Mailstop7.com (imgate.mailstop7.com [208.13.150.9]) by nycmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g42KaRWf006104 for <[EMAIL PROTECTED]>; Thu, 2 May 2002 16:36:28 -0400 (EDT) Received: from mailstop7.com (mail.mailstop7.com [208.13.150.10]) by IMGate.Mailstop7.com (Postfix) with ESMTP id 2EECE138DA for <[EMAIL PROTECTED]>; Thu, 2 May 2002 16:36:25 -0400 (EDT) Received: from drawnearkc [208.13.150.117] by mailstop7.com (SMTPD32-7.07) id A34B25800044; Thu, 02 May 2002 16:36:27 -0400 From: "Kevin Crawford" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: SPAM: test Date: Thu, 2 May 2002 16:36:31 -0400 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-Note: Scanned For Junk - mailstop7.com. X-Spam-Tests-Failed: SPAMCOP X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 294478290 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] undocumented feature
Hey all - went to the site where you can download spamreview, and their docs said something about an undocumented feature to scan for possible adult content, using JunkMail - is this really possible? Also, I asked this question before, but it was under another thread or something, is there any way (when using perdomain) of placing held files in a separate hold directory per domain...? thanks, Kevin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] New Declude JunkMail User
Title: Message what is the undocumented possible adult content all about ? any body know how to enable that check? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Jones, Jr.Sent: Tuesday, April 30, 2002 9:17 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] New Declude JunkMail User check out this utility... it has worked really well for us... http://www.slsoft.com/spamreview.htm jim - Original Message - From: Henry H. Isgett To: [EMAIL PROTECTED] Sent: Tuesday, April 30, 2002 3:43 PM Subject: [Declude.JunkMail] New Declude JunkMail User Greetings! I have just started using declude junkmail and it is working great. Question: I am "Holding" all failed emails and spot checking several to see what kind of emails are getting blocked. Instead of holding all failed emails in the spam directory, is there a way to forward all of these emails to a user account so they can be read via outlook express. The reason being is in effort to monitor these emails and forward them on to the appropriate users if needed. Seems like a lot of work up front as far as checking every email, but we do ALOT of business via email and really cannot stand to have that one or two legite emails stopped because of a failure. Thanks, Henry H. Isgett Network Administrator MCSE Computer Dimensions, Inc. 843.662.1681 x3194 [EMAIL PROTECTED]
[Declude.JunkMail] junkmail folder
Anyone know of a way to make junkmail (when HOLD is action) move the que file to a directory based on the domain name \imail\spool\spam\domain.com ? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] default settings / per domain settings
I knew everyone would have only nice things to say. - anyway I just bought junkmail and can't wait to see it going. I am making sure I understand the perdomain settings - if I want to scan only one domain out of many - the best way would be to make a default setting of not scanning anything - and add perdomain settings to the few I want to do, right? thanks, Kevin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] consensus
Hello - I have taken my credit card out of my wallet two or three times now, headed to buy declude junkmail - on the fence so to speak. I know how well declude works for AV - and I am very impressed with Scott as a helpful and courteous individual - and he seems real smart too - lots of knowledge on the workings of mail etc I am trying to drum up support (funds) for it from a few of my business customers. I would like some reviews if possible - what kind of kill rate some of you get without paying some of the db's services out there - just using the free stuff. Cold hard percentages would be good. I am using imgate at the moment, but the ability to just mark spam would be so much better than deleting it - and weighting sounds immensely better that pass or fail on one test, then on to the next. I have gone down to only blocking open relays (since no reason exists to have one - and if you are legit, you shouldn't want one anyway) Also, what kind of performance hits do you take - sorry to break in on such a quiet day - thanks Kevin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
